Title: METHOD AND APPARATUS FOR SECURE KEY REPLACEMENT 
Inventor(s): William E. FREEMAN, et al. 
Contact Name: John K. Harrop (202) 662-2700 
Attorney Docket No.: 149391 




Title: METHOD AND APPARATUS tOR SECURE KEY REPLACEMENT 
Inventor(s): William E. FREEMAN, et al. 
Contact Name: John K. Harrop (202) 662-2700 
Attorney Docket No.: 149391 



^ START \— 



100 



101 







COMPUTE DIGEST OF 
UNENCRYPTED MESSAGE 




1 


CD 


ENCRYPT DIGEST WITH 
SENDER'S PRIVATE KEY 






ED 


COMBINE ENCRYPTED 
DIGEST WITH 
UNENCRYPTED MESSAGE 






ED+M 


ENCRYPT 
MESSAGE+DIGEST USING 
RECEIVER'S PUBLIC KEY 




1 


TXM 



110 



120 



130 



140 



c 



END 



141 



FIG. 2 



Title: METHOD AND APPARATUS FOR SECURE KEY REPLACEMENT 
Inventor(s): William E. FREEMAN, et al. 
Contact Name: John K. Harrop (202) 662-2700 
Attorney Docket No.: 149391 



C 



START 



200 



201 



TXM 



DECRYPT WITH 
RECEIVER'S 
PRIVATE KEY 



M 



210 



ED+M 



SEPARATE MESSAGE AND 
ENCRYPTED DIGEST 



220 



230 



1 



DETERMINE SENDER'S 
IDENTITY FROM 
UNENCRYPTED MESSAGE 



ED 



250 



DETERMINE SENDER'S 
PUBLIC KEY 



240 



1 



COMPUTE DIGEST OF 
UNENCRYPTED MESSAGE 



260 



1 



DECRYPT DIGEST USING 
SENDER'S PUBLIC KEY 



CD 




NO 


280 




) 


MESSAGE WAS NOT SENT 


BY SENDER OR WAS 


ALTERED 



CD=DD? 





DD 


270 






YES 290 




f 


MESSAGE WAS SENT BY 


SENDER AND WAS NOT 


ALTERED 



END 



c 



FIG. 3 




291 



Title: METHOD AND APPARATUS FOR SECURE KEY REPLACEMENT 
Inventor(s): William E. FREEMAN, et al. 
Contact Name: John K. Harrop (202) 662-2700 
Attorney Docket No.: 149391 



in 

CD 



CD 
CM 



CO 
CD 
CM 



CN 
CD 
CM 



< LU 

go 
I- 

< 



LU 



>Z> 

uj Q 

OO 



CD 
CM 



LU 
I 

O 

o 

-J 
D_ 
LU 



CO 
CD 
CM 

S 


CO 
CD 
CM 






< 


; < 


a: 


! a: 




- o 


o 


! o 


a: 


! t£ 


CL 


. a. 




i 



CD 
CD 
CM 



>- 

O 
LU 



i ' 



CO 
CD 
CM 



LU O 



Title: METHOD AND APPARATUS FOR SECURE KEY REPLACEMENT 
Inventor(s): William E. FREEMAN, et al. 
Contact Name: John K. Harrop (202) 662-2700 
Attorney Docket No.: 149391 



^374 



USER 
TERMINAL 




FIG. 4B 



Title: METHOD AND APPARATUS FOR SECURE KEY REPLACEMENT 
Invenlor(s): William E. FREEMAN, et al. 
Contact Name: John K. Harrop (202) 662-2700 
Attorney Docket No.: 149391 



310 



378- 



321 



(tcp/ip)- 



323 



360 
326 

324 



BROWSER 



JAVA APPLETS 



375 JAVA 
ENVIRONMENT 

384 



JAVA 

PROGRAM 



DEVICE 
MANAGER 



DEVICE 
INTERFACE 



380 



311 



SOFTWARE 
INTERFACE 



322 



DISPLAY 



CARD 
READER 



I 



312 



TOKEN 



KEYBOARD 

318 ^314 
400 



MOUSE 
^316 



FIG. 5 



Title: METHOD AND APPARATUS FOR SECURE KEY REPLACEMENT 
Inventor(s): William E. FREEMAN, et al. 
Contact Name: John K. Harrop (202) 662-2700 
Attorney Docket No.: 149391 



O 
LO 




LU 
CD 
Z 
Q LU 

COO 



o 

oo 



LU 

o 



>- 

LU 

_l D_ 

6 



Q 

< 
X 



LU 

lu o$ in 
o 



CN 
CO 



CD 



o 



7 

O 

CO 



CO 



Hi 

< r— 
LU 3 

o< 



CO 








> 


Q_ 


TK_ 


J=>R 


EY( 


(CA 




> 


o 


LU 


_j 




CD 


LU 






Ql 




LU 


cr 




Q_ 


o 


< 







CD 
EC 



CD 



CM 

• CD 



Title: METHOD AND APPARATUS FOR SECURE KEY REPLACEMENT 
Inventor(s): William E. FREEMAN, et al. 
Contact Name: John K. Harrop (202) 662-2700 
Attorney Docket No.: 149391 



(" START V— 



501 



500 



CA GENERATES & 

SENDS SKRP 
REKEY REQUEST 

I 



510 



USER'S COMPUTER 
RECEIVES & PROCESSES 
SKRP REKEY REQUEST 



520 



I 



JAVA APPLET 
CHECKS CA 
SIGNATURE 



530 




JAVA APPLET 
CHECKS FOR 
REPLAY 



REPLACE 
PRIVATE KEY WITH 
SKRP PRIVATE KEY 



550 



560 



USER'S TOKEN SIGNS 
CHALLENGE WITH 
SKRP PRIVATE KEY 



570 



RETURN SIGNED 
CHALLENGE TO CA 



580 



REMOVE SKRP 
PRIVATE KEY FROM 
USER'S TOKEN 



590 



FIG. 7 



END 



591 



Title: METHOD AND APPARATUS FOR SECURE KEY REPLACEMENT 
Inventor(s): William E. FREEMAN, et al. 
Contact Name: John K. Harrop (202) 662-2700 
Attorney Docket No.: 149391 



550 



COMPARE 
TIME STAMPS 



551 





TO 560 



► TO 591 



FIG. 8A 



COMPARE KEY 
IDENTIFIER TO 
PREVIOUSLY 
DELETED KEYS 



550 1 



555 




» TO 591 



FIG. 8B 



